Privacy Policy
Effective from: 25 May 2020
1. Introduction
This privacy policy (“policy”) applies to the processing of personal data by ExoAtlet in connection with the processing of personal data on the ExoAtlet websites www.exoatlet.com, www.exoatlet.lu, www.exorehabs.com, www.exoedu.lu (“Website”). Although you can browse through most of these websites without giving any personal information, in some cases information is required in order to provide you additional information or services upon your request. You may need to provide personal data though the use of our Website when you sign up to receive newsletters, register for events or use our contact forms.
Our Website is not intended for children and we do not knowingly collect personal data related to children. References in this policy to “you” or “your” are references to individuals who use the Website. References in this policy to “ExoAtlet”, “we”, “us” or “our” are references to Exoatlet Global S.A. ExoAtlet Global S.A. is a société anonyme established under laws of Grand Duchy of Luxembourg, whose registered office is at Route d’Esch 70, Luxembourg.
2. Importance of personal data protection
The protection of your personal data is a priority to us. We recognize that the use and disclosure of personal data has important implications for us and for the individuals whose personal data we process.
Our Website is equipped with various security measures to secure information with the best possible way. However, absolute protection of your data cannot be guaranteed because of security gaps on the Internet cannot be ruled out.
3. Purpose of this policy
This policy aims to give you necessary information about how ExoAtlet collects and processes your personal data when you use our Website and provides details about your legal rights in relation to your personal information and how to contact us if you have a complaint. It is important that you read this policy together with our Cookie Notice and any other notices we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This policy supplements the other notices and policies and is not intended to override them.
4. Who is the controller for the personal data processed?
A “controller” is a person or organization who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This policy is issued on behalf of Exoatlet Global S.A. as a controller. Unless we notify you otherwise Exoatlet Global S.A. is the controller for your personal data.
If you have any questions about this policy, including any requests to exercise your rights, please contact us:
ExoAtlet Global S.A.,Route d’Esch 70, Luxembourg.
gdpr@exoatlet.com
5. How to make a complaint about the use of your personal data by us
If you have any concerns or would like to make a complaint about our processing of your personal data, please contact us gdpr@exoatlet.com. You may raise your concerns with your local data protection authority, without contacting us directly. However, we would encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you may have in relation to processing of your personal data.
6. Changes to the policy or to your personal data
The first version of this policy was issued in May 2020 and this policy was last updated on the “effective from” date (if any) on the cover page of this policy. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you wish to update your personal data, please contact your relationship partner or email us at gdpr@exoatlet.com
7. Third party links
The Website may provide links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. In order to use third party content on our websites, you may need to accept their specific terms and conditions, including their cookie policies over which we have no control.
Name of the third parties’ plugins, tools and applications | Description |
---|---|
Facebook plugins (Like & Share buttons) | Our website includes plugins for the social network Facebook, Facebook Inc. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/. When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the Facebook “Like button” while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information, please see Facebook’s privacy policy at https://www.facebook.com/policy.php. If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account. |
Twitter plugin | Functions of the Twitter service have been integrated into our website and app. These features are offered by Twitter Inc. When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users. In doing so, data will also be transferred to Twitter. We would like to inform you that we have no knowledge of the content of the data transmitted or how it will be used by Twitter. For more information on Twitter’s privacy policy, please go to https://twitter.com/privacy. Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings. |
Google+ plugin | Our Website’s pages use Google+ functions. It is operated by Google Inc. Google records information about your +1 activities to improve Google services for you and others. To use the Google + button, you need a globally visible, public Google profile that must contain at least the name chosen for the profile. This name is used by all Google services. In some cases, this name may also replace a different name that you have used to share content via your Google account. The identity of your Google profile can be shown to users who know your email address or other information that can identify you. Use of collected data: In addition to the uses mentioned above, the information you provide is used in accordance with the applicable Google data protection policies. Google may publish summary statistics about users’ +1 activity or share it with users and partners, such as publishers, advertisers, or affiliate websites. |
LinkedIn plugin | Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation. Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our web pages from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn. More information can be found in the LinkedIn privacy policy at https://www.linkedin.com/legal/privacy-policy. |
Google Analytics | This website uses Google Analytics, a web analytics service. It is operated by Google Inc. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. IP anonymizationWe have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. Browser pluginYou can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics. For more information about how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.: https://tools.google.com/dlpage/gaoptout?hl=en. |
MailChimp | This website uses the services of MailChimp to send newsletters. This service is provided by Rocket Science Group LLC. MailChimp is a service which organizes and analyzes the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on MailChimp servers in the USA. MailChimp is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the US to ensure compliance with European privacy standards in the United States. We use MailChimp to analyze our newsletter campaigns. When you open an email sent by MailChimp, a file included in the email (called a web beacon) connects to MailChimp’s servers in the United States. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests. If you do not want your usage of the newsletter to be analyzed by MailChimp, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed. The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of MailChimp. Data we have stored for other purposes (e.g. email addresses for the members area) remains unaffected. We have entered into a data processing agreement with MailChimp, in which we require MailChimp to protect the data of our customers and not to disclose said data to third parties. This agreement may be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/. For details, see the MailChimp privacy policy at https://mailchimp.com/legal/terms/ |
YouTube | Our website uses plugins from YouTube and the operator of the pages is YouTube LLC. If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. Further information about handling user data, can be found in the data protection declaration of YouTube under https://policies.google.com/privacy?hl=en&gl=de. |
Google Web Fonts | For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. If your browser does not support web fonts, a standard font is used by your computer. Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://policies.google.com/privacy?hl=en. |
Google Maps | This site uses the Google Maps map service via an API. It is operated by Google Inc. To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. |
8. The personal data we collect about you
Personal data includes any information about an individual from which that person can be identified. This does not include any information that does not, and cannot be used to, identify an individual.
We may collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this policy.
We do not collect any special categories of personal data about you through this Website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. These terms are used throughout this policy:
- “Contact Data”: including your work address, email address and telephone numbers;
- “Identity Data”: including your first name, last name, username or similar identifier, title;
- “Marketing and Communications Data”: including your marketing and communication preferences. We also track when you receive and read marketing communications from us, which information we use to improve our marketing services, provide you with more relevant information and improve the quality of our marketing materials;
- “Profile Data”: including information collected progressively when you visit our site including your referral website, pages you visit, actions you take, patterns of page visits and information from forms you fill in;
- “Technical Data”: includes information collected when you access our Website or knowledge portal, your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, language preferences, browser plug-in types and versions, operating system and platform and other technology on the devices you are using; and
- “Usage Data”: information about how you use our Website.
9. If you fail to provide personal data to us
Where we need to collect personal data by law, or under the terms of a collaboration or contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services or register you to the event). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
10. How your personal data is collected
We use different methods to collect personal data from and about you, including through the channels set out below.Direct interactions: You give us your Contact Data, Identity Data and Profile Data directly, for example, when you:
- register for a seminar, webinar or event;
- submit a contact form on our Website or our knowledge portal;
- subscribe to receive our publications;
- request marketing to be sent to you;
- give us feedback.
Third parties or publicly available sources: We receive Technical Data from analytics providers such as Google based outside the EU.
11. How we use your personal data
We will only process (i.e. use) your personal data when the law allows us to, that is, when we have a legal basis for processing. This policy sets out further information about the legal bases that we rely on to process your personal data.
When you use our Website we will use your personal data in the following circumstances:
- “performance of a contract”: where we need to perform a contract which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract;
- “legal or regulatory obligation”: where we need to comply with a legal or regulatory obligation that we are subject to;
- “legitimate interests”: where necessary for our interests (or those of a third party), provided that your fundamental rights do not override such interests. This can mean, for instance, that it is in our interest, to monitor how you are using our Website or client portals to ensure that the security of our Website or client portals or systems is maintained. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests; and
- “Consent”: Generally, we do not rely on consent as a legal basis for processing your personal data except where we may be required in relation to sending third party direct marketing communications to you via email or text message and in using cookies on our website.
We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at gdpr@exoatlet.com.
12. How we use cookies on our Website
For details of how we use cookies on our Website, please see our Cookie notice, for list of cookies we use on our Website please see Cookie declaration.
13. Purposes and legal basis for which we will use your personal data
We set out below, in a table format, a description of the ways in which we use your personal data and the legal bases we rely on to do so. Where appropriate, we have also identified our legitimate interests in processing your personal data. We may process your personal data for more than one legal basis depending on the specific purpose for which we are using your personal data.
Please contact us at gdpr@exoatlet.com if you need details about the specific legal basis we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose and/or activity | Type of data | Legal basis for processing |
To notify you about changes to our Website terms or privacy policy; and asking you to leave feedback |
|
|
To manage and protect our business and this Website, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting and reporting |
|
|
To deliver relevant website content to you and measure or understand the effectiveness of the content we serve to you |
|
|
To make suggestions and recommendations to you about services or content that may be of interest to you |
|
|
To use data analytics to improve our website, our services, marketing, customer relationships and experiences |
|
|
14. Change of purpose
We will only use your personal data for the purposes for which we collected it as detailed in section “How we use your personal data” and Section “Purposes and legal basis for which we will use your personal data” and our Cookie notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at gdpr@exoatlet.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
15. Marketing and exercising your right to opt-out of marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing. We will not use your personal data to send you marketing materials if you have requested not to receive them. If you request that we stop processing your personal data for marketing purposes, we shall stop processing your personal data for those purposes.
We would encourage you to make such requests via the forms and links provided for that purpose in the marketing materials we send you. You may alternatively make any such request by email: gdpr@exoatlet.com. In any event, such request can be made at any time free of charge.
16. Third-party marketing
We do not share your personal data with any organizations outside of ExoAtlet for marketing purposes. We require any person or entity to whom we disclose personal data pursuant to this Section to respect the confidentiality and security of your personal data and to treat it in accordance with applicable laws and regulations.
17. Data security
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing, including:- in some circumstances the anonymization and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
18. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for cookies on this Website are set out in our Cookie notice and Cookie declaration. If you would like to know more about the retention periods we apply to your personal data, please contact us at gdpr@exoatlet.com.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
19. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. It is our policy to respect your rights and we will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data. Details of your rights are set out below:- right to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
- right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
- right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified;
- right to have personal data erased in certain circumstances – you have a right to request that certain personal data held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
- right to restrict processing of personal data in certain circumstances – you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim;
- right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a Website). Information about you which has been gathered by monitoring your behavior will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);
- right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and
- right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.
You may exercise any of your rights at any time using the contact details set out in Section 4 of this Privacy Policy. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.